Analysis

  • max time kernel
    150s
  • max time network
    123s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    12-06-2024 11:36

General

  • Target

    36faa0694618e2199e63379197481860_NeikiAnalytics.exe

  • Size

    118KB

  • MD5

    36faa0694618e2199e63379197481860

  • SHA1

    2001c20e6c9c5713292ddfa108312550e32c607a

  • SHA256

    c16e290fddb1a1d05ab9c4e9ac55ba79ccb577081cde659082316ac6993445f0

  • SHA512

    1274ed9b1bd7972d2baad3785a77beefc58f1e8f8d9bd805224f417c6bd5596eb0e6966a6e6365dc5e71d7119f6e369c5aff144c10eaff5ea866d5e7ff4973f6

  • SSDEEP

    1536:Isz1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCow8hflik:hfAIuZAIuYSMjoqtMHfhflixih

Score
9/10

Malware Config

Signatures

  • Renames multiple (4863) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\36faa0694618e2199e63379197481860_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\36faa0694618e2199e63379197481860_NeikiAnalytics.exe"
    1⤵
    • Drops file in Program Files directory
    PID:3612

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-200405930-3877336739-3533750831-1000\desktop.ini.tmp

    Filesize

    118KB

    MD5

    2f5278645b48b1807a213d978a81184f

    SHA1

    b12fac8111796880f48de9f07e59a19073ca7f90

    SHA256

    c40012dfbd3a1f99a9d240d07f2342e985059f823354ef9816adfc27e829ace1

    SHA512

    f391a32079b43a62a64acb0ee3f51286e0943f134e6e057e0036ad2fa89bd15d2bdc2d0742cd02d32f492253fb828911d3037a518f07264d893c05dc3ee512e1

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    217KB

    MD5

    966cd34ce0a5c487c4da5d8a03de4ee9

    SHA1

    5b9e45ad71ba36db55d66955f976949fa6f82749

    SHA256

    29b342adc2d851249a677760b68d5f7fd41ffcee9189660381582222e2e609d4

    SHA512

    6a0674da3e2bf0ac702e69989ffb7e061c58099c3c9d0469fe5cafd3284cb32a6fa558e31c79f0cedc77be7ce3a233253fdc07c7e810c917ba778d72836a5f27

  • memory/3612-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

  • memory/3612-964-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB